<?php
/**
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file license.txt or that can be found at 
 * http://code.google.com/p/billboardce/wiki/License.
 *
 * @package    Oauth_Signature_Method_RSASHA1
 * @category   Library
 * @license    http://code.google.com/p/billboardce/wiki/License New BSD License
 * @version    SVN: $Id: $
 */

/**
 * 
 *
 * @package    Oauth_Signature_Method_RSASHA1
 * @category   OAuth
 */
class Oauth_Signature_Method_RSASHA1 extends Oauth_Signature_Method
{
    public function getName()
    {
		return "RSA-SHA1";
	}
	
	protected function fetchPublicCert(&$request)
	{
		// not implemented yet, ideas are:
		// (1) do a lookup in a table of trusted certs keyed off of consumer
		// (2) fetch via http using a url provided by the requester
		// (3) some sort of specific discovery code based on request
		//
		// either way should return a string representation of the certificate
		throw Exception("fetchPublicCert not implemented");
	}
	
	protected function fetchPrivateCert(&$request)
	{
		// not implemented yet, ideas are:
		// (1) do a lookup in a table of trusted certs keyed off of consumer
		//
		// either way should return a string representation of the certificate
		throw Exception("fetchPrivateCert not implemented");
	}
	
	public function buildSignature(&$request, $consumer, $token)
	{ 
		$baseString = $request->getSignatureBaseString();
		$request->baseString = $baseString;
		
		// Fetch the private key cert based on the request
		$cert = $this->fetchPrivateCert($request);
		
		// Pull the private key ID from the certificate
		$privatekeyid = opensslGetPrivatekey($cert);
		
		// Sign using the key
		$ok = openssl_sign($baseString, $signature, $privatekeyid);
		
		// Release the key resource
		openssl_free_key($privatekeyid);
		
		return base64_encode($signature);
	}
	
	public function checkSignature(&$request, $consumer, $token, $signature)
	{
		$decodedSig = base64_decode($signature);
		
		$baseString = $request->getSignatureBaseString();
		
		// Fetch the public key cert based on the request
		$cert = $this->fetchPublicCert($request);
		
		// Pull the public key ID from the certificate
		$publickeyid = openssl_get_publickey($cert);
		
		// Check the computed signature against the one passed in the query
		$ok = openssl_verify($baseString, $decodedSig, $publickeyid);
		
		// Release the key resource
		openssl_free_key($publickeyid);
		
		return $ok == 1;
	}
}